Configure Mosquitto mqtt broker user authentication in Docker running on Synology NAS

Today I’ve tried to enable user authentication for my Mosquitto mqtt broker running in a Docker container on my Synology NAS.

Here’s my shared folder for use with docker, its under /volume1/docker:

mqtt
├── data
├── log
│   └── mosquitto.log
├── mosquitto.conf
└── mosquitto.passwd

The mqtt folder needs to be accessible by the docker process running in the container, e.g. by using:

sudo chown -R 1883:1883 mqtt/

The content of my used docker-compose.yml:

version: '3'
services:
  mosquitto:
    hostname: mosquitto
    image: eclipse-mosquitto:latest
    restart: always
    volumes:
      - /volume1/docker/mqtt/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
      - /volume1/docker/mqtt/mosquitto.passwd:/mosquitto/config/mosquitto.passwd
      - /volume1/docker/mqtt/log/mosquitto.log:/mosquitto/log/mosquitto.log
      - /volume1/docker/mqtt/data:/mosquitto/data
    ports:
      - "1883:1883"

The mapped files in the volume section need to be present, otherise docker will complain during startup of the container.

Make also sure that you’re writing mosquitto with double t. I’ve forgotten this and used only one t, wondering why nothing was working the way I’ve expected it.

Here’s the content of my mosquitto.conf:

pid_file /var/run/mosquitto.pid

persistence true
persistence_location /mosquitto/data/

log_dest file /mosquitto/log/mosquitto.log
log_dest stdout

password_file /mosquitto/config/mosquitto.passwd
allow_anonymous false

You can setup the mosquitto.passwd using the docker container and/or an installation of mosquitto, so that you can use the mosquitto_passwd tool.

mosquitto_passwd -c /mosquitto/config/mosquitto.passwd <username>

It will ask you twice for the password for the username. If you want to setup additional users, you should omit the -c parameter, so that the existing file won’t be overwritten.

The „allow_anonymous false“ line will disable anonymous authentication to the broker.

You can now SSH to your Synology and start the docker container using the docker-compose file:

docker-compose -f docker-compose.yml up -d

This will look for the docker-compose.yml in the current folder and will execute docker in daemon mode. It will restart automatically when your Synology is restarting (e.g. after system updates).

Creating a backup of an existing OpenHAB installation

I’m about to try an update of my existing OpenHAB installation. Right now I’ve got a few things in a working state and in case I destroy anything I want to have a working backup.

Luckily, there’s an integrated backup script on my 2.4.0 installation I can use. I just need to install the zip package first on my Raspbian using

sudo apt-get install zip

Now I can run a backup using

sudo $OPENHAB_RUNTIME/bin/backup

#########################################
       openHAB 2.x.x backup script
#########################################

Using '/etc/openhab2' as conf folder...
Using '/var/lib/openhab2' as userdata folder...
Using '/usr/share/openhab2/runtime' as runtime folder...
Using '/var/lib/openhab2/backups' as backup folder...
Writing to '/var/lib/openhab2/backups/openhab2-backup-19_11_21-19_24_30.zip'...
Making Temporary Directory if it is not already there
Using /tmp/openhab2/backup as TempDir
Copying configuration to temporary folder...
Removing unnecessary files...
Backup Directory is inside userdata, not including in this backup!
Zipping folder...
Removing temporary files...
Success! Backup made in /var/lib/openhab2/backups/openhab2-backup-19_11_21-19_24_30.zip

The backup includes the installed plugins as well as the used configuration. Quite easy and fun to use!